Using social information for authenticating a user session

摘要

A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user's activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member's connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion.

主权项

1. A computer implemented method comprising:
maintaining user profiles for a plurality of users of a social networking system; maintaining a plurality of connections between the users of the social networking system; receiving a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system; selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user; obtaining information from a user profile of the other user; determining whether the request is received from a suspicious source; determining difficulty level of the challenge question based on whether the source is suspicious; forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user; sending the challenge question to the requestor; and responsive to receiving a correct answer to the challenge question, allowing the requested access.